August 9, 2019

The British Airways GDPR Fine and What to Learn From It


British Airways is the latest to feel the financial impact of the GDPR regulation.  Learn what this will cost the airline, and how you can improve your security efforts to avoid a similar fine.

$230 Million Fine Looms for British Airways as a Consequence of 2018 Data Breach


The Information Commissioner’s Office (ICO) in the UK has announced plans to fine British Airways a record $230 million (£183 million) in response to their September 2018 data breach. The ICO cited poor security arrangements at the airline as a key consideration for the largest GDPR fine this department has issued to date. In this case, people visiting the British Airways website were diverted to a fraudulent site, where bad actors were able to collect names, billing addresses, email addresses, payment information, and more.


British Airways’ initial disclosure indicated that the breach happened between August and September 2018 and impacted 380,000 card payments. The airline later reported that 185,000 additional people who made bookings between April and July may have also been compromised.



Resource: To learn how you can improve security and compliance with GDPR and other regulations, download our “Data Privacy Regulations” eBook today.



The British Airways GDPR fine comes less than a year after the ICO fined Facebook £500,000 following the Cambridge Analytica scandal, which impacted 87 million users. The dramatic difference in fines is an illustration of how much has changed since the GDPR was implemented in 2018. At the time of the Cambridge Analytica scandal, Facebook’s fine was the maximum amount allowed under the 1998 Data Protection Act. GDPR now allows companies to be fined a maximum of 4 percent of global revenue. The British Airways fine amounts to 1.5 percent.


British Airways has announced they intend to appeal. Information Commissioner Elizabeth Denham said the law is clear and those who do not follow the GDPR requirements “will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.” However, British Airways CEO Alex Cruz contends that the company has found no evidence of fraudulent activity after cooperating fully with the investigation and making security improvements since.



Related: Learn how ARIA Cybersecurity Solutions are helping companies in all industries comply with strict regulations and requirements



How ARIA Cybersecurity Solutions can help

GDPR regulations and the consequences are intimidating for global organizations, and we understand the challenges in implementing a comprehensive and effective network security and data protection infrastructure—as well as the best way to comply with increasingly difficult, even conflicting federal, state, and industry regulations. While it may be challenging, the right security tools may save the business from the devastating effects of a data breach—and the fines that inevitably result.


Our suite of solutions improve the performance of existing security tools, such as SIEMs or SOARs, by providing better intelligence on suspicious conversations.  For example, our network adapters and ARIA Packet Intelligence application can not only monitor, but capture all network activity, providing complete visibility into the entire network, including east-west traffic, directing better, more enriched data to existing security tools. This lets these threat detection tools identify more network-borne threats in real time—before they could turn into breaches that could affect consumers.


Additionally, our incident response and breach notification solutions help InfoSec teams meet even the toughest regulatory compliance requirements in several critical ways:

  • Completing breach investigations in mere hours--not days, weeks, or months after the fact. 
  • Pinpointing the impacted devices and immediately and automatically takes direction from existing tools, including SOARs,  to shut down communications between only those devices.
  • Providing detailed reporting on the exact PII records impacted, if any, and demonstrate proof that data is encrypted.


Not only does this help improve any company’s security posture, but it delivers the proof needed for regulatory compliance.


To learn more about ARIA Cybersecurity Solutions, and how we can help overcome traditional security challenges and ensure compliance, please visit


Or to learn more about how our solutions can help improve security and compliance, be sure to check our Data Privacy Regulations eBook today.



About ARIA Cybersecurity Solutions 

ARIA Cybersecurity Solutions recognizes that better, stronger, more effective cybersecurity starts with a smarter approach. Our solutions provide new ways to monitor all internal network traffic, while capturing and feeding the right data to existing security tools to improve threat detection and surgically disrupt intrusions. Customers in a range of industries rely on our solutions each and every day to accelerate incident response, automate breach detection, and protect their most critical assets and applications. With a proven track record supporting the Department of Defense and many intelligence agencies in their war on terror, and an award-winning portfolio of security solutions, ARIA Cybersecurity Solutions is committed to leading the way in cybersecurity success.

Tags: cyber attack, data breach, gdpr, cybersecurity